Bestand wählen
Merken

ASLR on the line

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
to my mind the the the
the the the the if OK everyone has a now please join me in welcoming Eric who was a PhD student at the FU in Amsterdam and he will talk about ASLR please give them a warm round of applause the hello I like set America we use PCs students at the view of some to the Vistec Group and I'll be put something work that we have done in the group today up
and but the the worker I'm
presenting the most of the work has been done by then covered and they say from who we show that the attack that we I'm presenting is applicable to to 20 all 22 micro spew might architectures is that the status that so that close to them I tried to speak this
slide in all my talks but the this I miss especially apt because this talk is about finding them
of the so this talk is about attacking Islam which is stored
for a the phase layout randomization it's the next flight mitigation technique which as far as deployment conservative it is 1 of the success stories the scientists that's been introduced its why the bin is been widely adopted and it makes exploit that if the trees in the some what's the more difficult the way is a lot makes it more difficult it is that that that changes the location of code and data you see every time deposits runs so to the attacker the there cannot rely on such matters as B to be this all the time so far all their
mother and 64 bit architectures that the address space you see is 40 it's it's which means there is about you can address about so 250 6 terabytes of memory of course this memory is not
yeah you cannot write everywhere on or read everywhere because you computer probably doesn't have that much memory so
in reality only a very small proportion of the memory is allocated to a process and so it's quite easy them to change the location of this memory the
so it makes life the expert right a tiny bit more difficult because it's very useful for an to know duplication of data for example if you want to override a return address on the stack then it's nice to know where you can jump to that of course she done if you don't know you might jump into nowhere and then the program crashes however
yeah there not much is needed to to do this for this mitigation you just need to leak the location of the memory so I really like this Becker them is
some of the unique you can try to reuse the bug that you can use to exploit to and 2 2 1st league information and then exploit or if that's not possible you'll have to find another bucket which allows you to the correct this yeah a location or maybe you don't
have to so this presentation is about an attack which uses of this general from Darfur scripts this on the on processes in the hardware itself to discover information about the locations of all of data or code in memory CIO the
moment of CPU architecture is is a wondrous at 1st and layer so even if you as a programmer right machine go there there's lots of stuff you don't have to worry about especially stuff to make this fishy stuff to make here
in know you programs to faster than memory accesses are very slow on that compare compared to your CPU on modern computers and that's why there's there in test mechanism the test mechanism building so other things are also observed the way for example if your program does a memory accesses the data is written to the cash but where is it written your program gives a virtual addresses of the to for gives it gives off of virtual address to the that to deceive you which then the end this view needs to translate that to a physical address which is done by component fault amended memory management unit so the memory management unit has a small cache of of of mappings from pages to of from from physical memory to a from 4 to memory to physical memory but if if if that's not if if if it matters is not in the cache but it has a dual page stable
and the page tables is what we're not going to try to attack and will use that that will be measured effect the debatable walk will have on the the L 3 cache the last and biggest cash or in the CPU to to find out what's happening in the during the page so we're talking about
doing a a timing attack from JavaScript and to measure whether memory gets axis so that which means that we need a pretty good time to be able to do this the luckily for us
the browser and the standards committees have come up with that an API to just do that so you can take a timestamp do operation and then take another time stamp and then you get the very crisp time measurement until some money published a paper which which allow which showed basically that you can do a loss of a case of an attack on the and and and and the on the CPU and discover something so the boss of most makers made made the time the measurements much more granular so every microsecond Condor so you get a little bump and then someone microseconds nothing nothing changes but all is not lost 40 attacker because you can now do yeah you can turn and of course ranks dimer into a fine-grained timer which you can do for example is wait for this bound to happen and and quickly do an operation and then start a counter and then depending on whole hour long operation takes you at the counter no because gas from the lower operation takes exploited the counts that began is when the wind when the gem happens so in Chrome they chose to ferry they're very the length off of of of the time when the when this happens so but still it you can do multiple measurements and then you take an average and then you can still get they get measurements however it we can do better so there the browser makers decided to to make this a bit more difficult but where there where data the Senate's Committee when the parser Standards Committee the Committee take they
also give us so they decided to implement the the in object called that this shared array buffer which allows the multiple threats which a call their burkas in JavaScript do work on a single piece of memory and they decided to enable this by default which is actually after we policy attackers so I don't know you know they basically have given up on and given up on the funding but 2nd scale time measurements in that in JavaScript
so this year at a rate of 4 can be used for other things but all not talk about this this today them so how how
can we use is how can we measure is the time using shared memory welds quite simple 1 fats is used when doing the timer measurements and the other threads does operation and so when the of when the 2 of the 5 richest operation yeah the the power further waits until the threats of factor which thus operation is ready to do the operation and then it yeah it's observer of variable and those those starts operation meanwhile the the counter threads at the time threats of sees that that the shared buffer has changed and will start counting and then when the operation is done and the devil the the the the 2nd factor do the before again and then the counter threats stopped so this gives a very crisp measurement so now we have a nanosecond
the of the scale time we can be used such text from Duff's fits and so will be there doing time it's attacker a by on the loss all cancers and when the CPU the as
is as is memory everything is was in this book that on the granularity of occasions line and which is a 64 bytes I
within forcible level 3 carriers assessing physical addresses maps onto a certain that and this this concept can for sample on the on the 4 core desktop in the machine but contains 16 different case lines come and all look at all talk about the a modern Intel machine but the concept translates to that's the of all also to other of my so their recorder 2 thousand 248 consensus which are a call the slides
and so therefore for on a 4-core machine if 4 slices and the sizes are shared among all cost but it's just the way indoors organize their he so
to get the cash that ideas so in which case side to set within the slices is used you take the physical address and then you that's got 6 bits which are basically defier telling you which within the cache line use and then take the 11 bits next and that's is a concept so it's basically a round-robin mapping of the physical map memory did the test lies is some complicated so the hash functions and forties attack we don't need it so we were lucky the important thing to remember is that the test if 2 concepts that case lines so if a physical memory mapped to the same impression that that they have the same offsets that yes so the same physical address if you only only in regard to bits which and it's so date only regarded the lowest bits so that everyone there there at the same address modulo 100 and 20 it's OK the lights from which follows that the they also must have the same address model modulo 4 kilobytes
and which happens to be the size of a memory pages which is the base units of of memory management on almost all architectures I guess in use so that now
we know this we can do but besides that will attack and there are multiple multiple attacks possible and will you probably use the the most simple 1 called effect effect and time so the code to do it in the victim time attack is also quite simple given fixed function which uses a buffer and just the act of this case finds which map into a certain guess that and we can do is just do that by in the Kay sign which at a certain offset all of a page which we do this we've just seen at this point I'm going all the cash lines there should be there filled with with our data so then we proceed to do an operation we do take a time stamp we the and operation and we time how long this takes if this operation needs did do something which at the air with the physical memory 1 of the cases I guess that's which maps into this a signed in physical memory which maps into this that's it will take longer because we have to do a memory access and memory accesses are really slow all compared to the CPU or can it's on more modern computers so this way we we can see if this operation depends on the physical world a memory location in which maps into discussion so
how does this apply pay civil walked which will attack of and so
channels are a mechanism of the odds are the method a mechanism for of processes to address those really large address space while only by having a relatively small amount of physical memory so it's basically a tree
structure tables at every level which the fight of the outer space into equal parts so in the 1st level the on Intel this set which is called the 4th level it because the 4 levels so this the Fight space up in into chunks of 512 kilobytes the next level which so there could be 5 and 12 entries but they don't have that don't have to be the defied the the space into 1 gigabyte chunks then digit a megabyte tongues and then lastly into 4 can avoid chunks which is the granularity of a page so all each entry in there points to a memory
pages of physical memory pages so but the
page the table all could process does this it takes the address and will
look at it will you can use will
use a binary representation of this address because that's the easier is a easier to show the processor there were all of the word 1 bits are black and the light wide bits are 0 so say there is
a still be minutes so we'll have to do that they table walk around that there's a special bridges sorry in the CPU which points to the data and the that the the 1st server they several then the big civil it did their hardware looks at the the 9 most 15 bits in the address and then uses that as a an index pointer into the table download it does the same with the
next level and with the next
level and with the next level
ATP until the level where we know what the actual age and then the 12 bits at the end that will be used to point into this page so this is a 4 K page but in the end so we we can use this page to do as Eitel attack
but I will be there but they're officer phase is at the other Program the debate Sables themselves are also baby their ages so yeah he should each of
them are out the pages and so we can also do this Eitel take on this that these pages so for the sake of the core
of of what we can discover this way
so we can find out that a certain pages that gets now there are 8 possible entries which would cause the state so we don't know that much but so so off all mob but if we look at these pages we conceded 6 bits are the same so we can we now know that there is a sequence of 6 bits in this address that has this value that we discovered by doing the caste timing side channel now therefore
levels of pages and there's a final location into the page so we get 5 days we assume we no day of the last level that the the last location inside the page because that's in practice pretty easy to reverse engineer and even if you can't then there are the other side channels to find this out in fact we use this final location to do this I general attack on all the other locations so actually we we we try to them the net try to not get in the in the way so no but we have found the 4 gas lines which may be used for the they walk so we can see this weekend's seceded for chunks of 3 bits that we know nothing about and we would be also don't know is which lines which case sign is used for which the level of page tables so that would give us about 16 comma decimal 6 bits of entropy left so that's not a whole lot of we have gained so that we we still need to find 16 bits however there's kind of a chicken so we have a
difficult sliding where we allocates a large enough buffer and then we just broke pages of 1 after another time so we just at at the at next page write expert Triton next page do looks a bit like
this so for the last level cache a bitch able we just but tried the next president pays the next pages and then when it switches we know OK
does this was a page by a fresh sign boundaries so the next for the next page we know that can the bits of this entry are all 0 because it's just went over to bounded in this technique we can also do
afforded the 2nd level of page tables
at this time we add 2 megabytes 2 megabytes 2 megabytes too many still not that bad that problematic to do from Darfur scripts and
then we get there the whole yeah the whole at 2nd level that entry so how
much of and 4 B is left so all we have got to chunks of the bets and we don't know which a page table at which gets because cosine belongs to which they the level so we're left with 7 bits and this is so I think for this there's not a lot to do a book about this if we want to have a good time as in JavaScript's but we can actually do more because in practice
stubbed stuff doesn't death yeah think that this
stuff isn't optimal so yeah so that actually nowadays we were starting to be able to allocate 1 gigabytes on occasions in JavaScript's which is probably because you want to run a rule to monument in there was something and but then the for
lost all its it's kind of too much vitamin 12 gigabytes allocations and then you might be I have to do death up till of 2 at 2 8 times so then however the the
portable fight of for Firefox on Linux if you allocate a certain type of objects calls an array buffer Firefox doesn't initialize and it is us the kernel for the memory and then just leave it there and what the Linux kernel does is it doesn't initialize it and so it doesn't have to map in pages in the base civil structures so it just and it doesn't use up any memory as long as you don't touch it and we don't have detected we just have to go over and that's 1 page or if you have a 1 page at the very end so this into a seems to have so actually on Linux you can that turns out you can allocate huge chunks of a virtual memory and actually it within a the yes seconds to minutes we can then calculate the whole you can you can have visited the attack and slipped further the 3rd day care sign on the do highest level pitch civil in Chrome from DOS
initialize memory which is a bit of 4 2 of for us but but what it does is it divides memory up into but in heaps and when the heap is full or a decides OK caIled maybe for security reasons I'll need to create a new 1 it's just that to increase there is a lot actually it's it tries to allocate the huge that avoid it ties to the 4 huge gap between the previous sheep and a new heap which means we can move forward quickly in the address space so using this method of creating new leaps or we can from we can then recovered the level address bits which would leave us with 3 bits of entropy last on Windows 1 or 0 I am the chair and at the but then so doing the attack on the 4th level will would would take a lot of time and maybe the person who because the because Chrome to initialize of free loss of memory and it just takes time a year that the get out so maybe the user will click away noise our for you their recovery for you
so this attack was implements is on the Skylake machine but has been verified that that works on 22 machines by the does the this site and all in all the native C with the native C program play and so so the time for a demo
video so would world of so here we have obviously the browser so these guys what the these bits role measurements which is the here signals detected by and sulfur which would which kind of try to is tries to find they're they're the most likely the the most likely values were for that show looks really pretty matrix style and then in office try to get confidence on with their magic measuring of tools that pointed that these decide OK It's clear and then type but that attaching GDB to
verifiable the address as we
can see that the addressee on the is it the case of memory that we know and it is because you in because of that we of left left the market there so that's the so are still In
conclusion it's possible to do to recover quite a lot of the address information from JavaScript script using hard sites in alone on the memory management unit and apparently browser vendors have given up on this or and the other that no such tax because you can't have you can have mold and multiprocessing shared memory that without this apparently that that's the way that the direction we're going so any questions the the the has always plays line up at the microphones and I will start with number 1 please just have a look at the actual are also box and look at how many are exportable just a single leak point the you show you need at least 2 you could point the the some some were true to right to actually game and control of execution flow so in our that we also have a way to link a cult pointer so the 1st sleeker data pointer and then the create creates a lot of JavaScript pp due to the German differed JavaScript's the the colony and then we have yeah this is leaking there the most significant pages is really hard to to do for college but the the last level it did so the the ones who have worked in there they symbols which there which point 2 did the actual pages and I think also the levels this level 1 level above is actually pretty easy to fall easy it's a do it's a global to to leak using this technique but we get mike number 4 place so you just criticized the browser futures for the not trying to mitigate all the security issues and what would you as a as an ace of are accurate command the browse through what all the measures they could take that they have not yet taken so yet there is a little also a discussion of where there is a lot whether this is 1 1 of the things that make this attack quite easy is that it is a browser makers have have tried to defend against another problem call a use-after-free vulnerabilities by allocating more memory every to that in a different region every time because if you can free memory and then I look at the if you allocate something else and then the above in the browser will use it as if it too also all objects for example then you can do you think can be quite bad stuff so I guess this is as yet so you can think of mitigations against this technique but they might work against that the mitigate against use of of the phrase so the question also becomes a though we as young so so is is it's still worth it sorry this is that there also because they're they're only 7 bits that are not inherent to the architecture itself yeah the question is in an environment where you can run JavaScript is it's is a is a lot now it might help a bit and then they covered the spend lots of hours on implementing this it expose writer might serve yeah it it will still be extra efforts if there's no easier way but yeah the question is yes it's the I'm not sure on the could we get a question from the internet please given that the ASLR it's only meant to help protect against remote attacks of how useful is your approach when an attacker cannot exercise the you so that there would always exercise I mean you but I guess choosing the location is a harder and the and the timing is of course over the net work when were difficult so I don't really said but the thing is that there is lot is used for local attacks and this against local attackers and this shows that that's that that that are inherently inside the architecture of problems with this and It's not that useful apparently Corrigan like number 1 place so recently by some a log of stability and security researcher low-key heart which was for I was and in your presentation I saw of course the Apple projects sorry the Samsung projects a 7 which is the iPhone 5 process what I'm wondering is if I the creates in job scripts contain much shall code am I able to that this attack to get the address of that specific array or is that impossible so the said yeah so usually I guess I shall code itself no among the executable it in an array but says that you will get the location of did you control completely if that's what you but that's actually what amounts to them I will in this a PUC available on this is kept closed source and I don't think that we usually don't through released the attack the colored we do described we do we have to describe we described in the paper so it's it should be repealed producible at using the paper thank you the and the will to stay at my can 1 Payton get out the graphic you showed us and JavaScript would really colors and that for you trying to say on the Y and X X is the the that
please say this stop for individual for example but I guess the so
I am not completely sure that that is a about but the
first one might be role of measurements the 2nd 1 there is the the 4 things well added the page tables that the we try to the did the lookups if we try to find the yeah tell and more from might 1 place the I was just wondering if you guys actually a test of this technique on public lots or any in a multi-tenant architecture as this effect is to have we in the browser so there we we tested it doesn't work for clients browser client of in like I would like to continue actually is to this effect we have a modest and about alright so I was actually a couple of things about this is my question was not through the specifically about the is there but the more like how how could be like the mitigation techniques for like public cloud over each 10 of his right access to the cache line and how it is that you can be possible to do to disclose the detection so yeah the the dominant quite a few attacks of using it the can using this technique from also just natively look like you would do in the Member you know the he can environment for something as to guide U.S. environment of you on so there is a browser plugin from some of our research is that you got out of the car and just could 0 which aims to provide mitigation against a such as text from JavaScript have you heard of it and if so have you not favored provides for error protection against the attacks usually so I think so the the the son of Ivan tried it but whether describe but I would say what would that provide protection because it's so it it allows you to disable the disabled stuff you don't want among wisdom which agents are buffer said then they begin zone this is in principle this is before wasn't here before this year anyhow and the this is I doubts lots of public code makes use of it the says that I think it's easy to to disable stuff you don't want us to JavaScript they're physically adding stuff all the time so this to make it suitable from from gaming and all kinds of sensors that you want and so and most color doesn't make use of it for example I and I where I only use JavaScript online in the browser when the pace doesn't love would out but and at a son I'm all for a disabling lots of stuff when the that we don't need but it did the direction of the browser seems to go yeah they're they're himself but I guess we'll see how it will turn out in the Indians do we have any more questions you don't know then please thank the speaker again the what was that if
we have a the the of the biotic ICT CPU if the 2 of back
GRASS <Programm>
Sichtenkonzept
Polarkoordinaten
XML
t-Test
Gruppenkeim
Unrundheit
Gerade
Rechenschieber
GRASS <Programm>
Computerarchitektur
Zeiger <Informatik>
Kombinatorische Gruppentheorie
Randomisierung
Netzwerktopologie
Prozess <Informatik>
Code
Raum-Zeit
Adressraum
Binärdaten
Randomisierung
URL
Phasenumwandlung
Code
Strategisches Spiel
Bit
Adressraum
Festspeicher
Adressraum
Computer
Computerarchitektur
Randomisierung
Videospiel
Expertensystem
Bit
Prozess <Physik>
Raum-Zeit
Adressraum
Festspeicher
Adressraum
Systemzusammenbruch
URL
ROM <Informatik>
Randomisierung
Leck
Exploit
Adressraum
Raum-Zeit
Festspeicher
Information
URL
Programmfehler
Caching
Programmiergerät
Architektur <Informatik>
Hardware
Prozess <Physik>
Momentenproblem
Browser
Übergang
Information
Kombinatorische Gruppentheorie
Informationsmanager
Code
Kombinatorische Gruppentheorie
Virtuelle Maschine
Rechter Winkel
Festspeicher
Speicherabzug
Skript <Programm>
Computerarchitektur
URL
Information
Zentraleinheit
Stabilitätstheorie <Logik>
Physikalismus
Adressraum
Seitentabelle
Computerunterstütztes Verfahren
Zentraleinheit
ROM <Informatik>
Homepage
Einheit <Mathematik>
Code
Speicherabzug
Zusammenhängender Graph
Optimierung
Softwaretest
Soundverarbeitung
Caching
Kraftfahrzeugmechatroniker
Sichtenkonzept
Gebäude <Mathematik>
Übergang
Mapping <Computergraphik>
Caching
Festspeicher
Dualitätstheorie
Speicherverwaltung
Zentraleinheit
Nichtlinearer Operator
Einfügungsdämpfung
Bit
Browser
Mathematisierung
Zentraleinheit
Zählen
Parser
Rangstatistik
Benutzerschnittstellenverwaltungssystem
Festspeicher
Mehrrechnersystem
Benutzerführung
Messprozess
Gruppoid
Zeitstempel
Einflussgröße
Standardabweichung
Zentrische Streckung
Default
Einfache Genauigkeit
Systemaufruf
Bitrate
ROM <Informatik>
Objekt <Kategorie>
Puffer <Netzplantechnik>
Thread
Festspeicher
Default
Benutzerführung
Einflussgröße
Caching
Nichtlinearer Operator
Zentrische Streckung
Einfügungsdämpfung
Gemeinsamer Speicher
Zentraleinheit
ROM <Informatik>
Teilbarkeit
Puffer <Netzplantechnik>
Variable
Thread
Adressraum
Luenberger-Beobachter
Thread
Messprozess
Gruppoid
Einflussgröße
Leistung <Physik>
Caching
Subtraktion
Freier Ladungsträger
Physikalismus
Adressraum
Systemaufruf
ROM <Informatik>
Gerade
Übergang
Mapping <Computergraphik>
Rechenschieber
Virtuelle Maschine
Assoziativgesetz
Datensatz
Adressraum
Festspeicher
Stichprobenumfang
Speicherabzug
Gerade
Caching
Softwaretest
Bit
Program Slicing
Adressraum
Textur-Mapping
ROM <Informatik>
Gerade
Mapping <Computergraphik>
Vierzig
Virtuelle Maschine
Informationsmodellierung
Adressraum
Restklasse
Festspeicher
Caching
Hash-Algorithmus
Restklasse
Gerade
Punkt
Computerunterstütztes Verfahren
Zentraleinheit
Textur-Mapping
ROM <Informatik>
Code
Homepage
Homepage
Puffer <Netzplantechnik>
Einheit <Mathematik>
Vorzeichen <Mathematik>
Adressraum
Gruppoid
Speicheradresse
Zeitstempel
Gerade
Soundverarbeitung
Caching
Lineares Funktional
Nichtlinearer Operator
Gerade
Mapping <Computergraphik>
Festspeicher
Computerarchitektur
Speicherverwaltung
Tabelle <Informatik>
Caching
Kraftfahrzeugmechatroniker
Prozess <Physik>
Physikalismus
Adressraum
Übergang
ROM <Informatik>
Homepage
Netzwerktopologie
Adressraum
Festspeicher
Code
Speicherabzug
Brennen <Datenverarbeitung>
Zentraleinheit
Menge
Differenzkern
Festspeicher
Physikalismus
Mereologie
Überlagerung <Mathematik>
Datenstruktur
Innerer Punkt
Raum-Zeit
Homepage
Tabelle <Informatik>
Übergang
Bit
Hardware
Adressraum
Selbstrepräsentation
Zentraleinheit
Homepage
Automatische Indexierung
Adressraum
Virtuelle Realität
Server
Wort <Informatik>
Coprozessor
Zeiger <Informatik>
Tabelle <Informatik>
Bit
Homepage
Homepage
Übergang
Caching
Tabelle <Informatik>
Bit
Folge <Mathematik>
Adressraum
Information
Auswahlverfahren
Homepage
Office-Paket
Homepage
Adressraum
Speicherabzug
Seitenkanalattacke
Optimierung
Phasenumwandlung
Aggregatzustand
Caching
Expertensystem
Bit
Randwert
Browser
Schreiben <Datenverarbeitung>
Seitentabelle
ROM <Informatik>
Homepage
Übergang
Homepage
Puffer <Netzplantechnik>
Pufferspeicher
Vorzeichen <Mathematik>
Reverse Engineering
Entropie
Seitenkanalattacke
URL
Betriebsmittelverwaltung
Gerade
Randwert
Bit
Vorzeichen <Mathematik>
Caching
Seitentabelle
Homepage
Übergang
Homepage
Bit
Güte der Anpassung
Skript <Programm>
Seitentabelle
Trigonometrische Funktion
Übergang
Betriebsmittelverwaltung
Schlussregel
Maschinenschreiben
Bit
Einfügungsdämpfung
Freeware
Adressraum
Geräusch
Baumechanik
ROM <Informatik>
Homepage
Homepage
Kernel <Informatik>
Übergang
Puffer <Netzplantechnik>
Vorzeichen <Mathematik>
Adressraum
Datentyp
Bildschirmfenster
Virtuelle Adresse
Datenstruktur
Mobiles Endgerät
Drei
Raum-Zeit
Computersicherheit
Zwei
Objekt <Kategorie>
Wechselsprung
Festspeicher
Benutzerführung
Wiederherstellung <Informatik>
Entropie
Speicherverwaltung
Benutzerführung
Videokonferenz
Virtuelle Maschine
Bit
Demo <Programm>
Web Site
Architektur <Informatik>
Konvexe Hülle
Browser
Gewichtete Summe
Optimierung
Einflussgröße
Demo <Programm>
Videokonferenz
Office-Paket
Hidden-Markov-Modell
Festspeicher
Adressraum
Zehn
Stabilitätstheorie <Logik>
Web Site
Bit
Prozess <Physik>
Punkt
Gemeinsamer Speicher
Browser
Adressraum
Zahlenbereich
Information
Kombinatorische Gruppentheorie
Homepage
Wiederherstellung <Informatik>
Übergang
Richtung
Eins
Homepage
Internetworking
Leck
Einheit <Mathematik>
Prozess <Informatik>
Spieltheorie
Skript <Programm>
Zeiger <Informatik>
Einflussgröße
Gerade
Demo <Programm>
Caching
Datennetz
Computersicherheit
Browser
Einfache Genauigkeit
Symboltabelle
Quellcode
Datenfluss
Videokonferenz
Objekt <Kategorie>
Einheit <Mathematik>
Softwareschwachstelle
Festspeicher
Gamecontroller
Projektive Ebene
Computerarchitektur
Speicherverwaltung
URL
Information
Programmierumgebung
Speicherverwaltung
Softwaretest
Soundverarbeitung
Browser
Seitentabelle
Plug in
Zeitzone
Code
Richtung
Puffer <Netzplantechnik>
Client
Spieltheorie
Caching
Computerarchitektur
Programmierumgebung
Streuungsdiagramm
Gerade
Einflussgröße
Fehlermeldung
Hypermedia
Systemprogrammierung
Informationstechnik
Zentraleinheit

Metadaten

Formale Metadaten

Titel ASLR on the line
Untertitel Practical cache attacks on the MMU
Serientitel 34th Chaos Communication Congress
Autor Bosman, Erik
Gras, Ben
Razavi, Kaveh
Bos, Herbert
Giuffrida, Cristiano
Lizenz CC-Namensnennung 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
DOI 10.5446/34875
Herausgeber Chaos Computer Club e.V.
Erscheinungsjahr 2017
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik

Ähnliche Filme

Loading...
Feedback